44 entries in 0.232s
mircea_popescu: yes, but wrong approach to it all! "here's why serpent's no good, here's why i don't like dea-aes etc, here's rabin method, imo best" IS something.
mircea_popescu: i vaguely recall it had a weak-ish aes thing
mircea_popescu: . (Note that this is a direct encryption of plaintext material with the help of RSA and not an encryption of a key for e.g. AES with RSA and afterwards an encryption of the plaintext with AES). Based on this function are the functions rsaencryptplaintexttoct() and rsaencryptbytearraytoct(), which process a user-given plaintext string and byte sequence respectively." << this distinction seems rathger without a difference.
mircea_popescu: sed 's/aes/serpent/'
mircea_popescu: anyway, so what's the work mode here, every now and again server sends client a rsa-encrypted packet containing 16 aes keys ; client enciphers its comms to the server with one selected from a set of 8 selected from those 16 ; and deciphers server's with one selected from set of 8 other than previous set. now and again burns a key.
mircea_popescu: apparently AES is one of those topics where someone could just pick up the log discussion over 3 years and make anencyclopedia entry
mircea_popescu: in other items of republican interest : eulora is at a stage where we have to set down what we'll use for sensitive data encryption (such as for instance the privkey files). i don't particularily wish to use aes ; anyone wants to contribute to this emerging spec ? ☟︎
mircea_popescu: the categorical alternative (literally what gpg does now) fell on the grounds of "at least we don't need aes" ; the obvious "cut R into bits and use each" seems to my eye weaker, tho who even knows.
mircea_popescu: trying to stuff a mac or something in there will make the bondogle regret the days of the aes/rsa combo.
mircea_popescu: awww. AES!!1
mircea_popescu: you can not promise gpg is just aes. neither can they.
mircea_popescu: asciilifeform you mean, "if i find aes collision, i can replace signed text with (longer) signed text" ?
mircea_popescu: iirc it's pw-based aes
mircea_popescu: that's what aes did to try and escape "oh it's just maff", "fine we'll implement control structures".
mircea_popescu: anyway. aes and des should be excommunicated out of everything asap, there's no two ways about it.
mircea_popescu: meanwhile notice that EVERYONE is on aes to the degree people are treating it like windows.
mircea_popescu: ake this postining). Even the NSA trusts AES enough to certify it for use protecting top secret information."
mircea_popescu: derp #1 : "What is wrong with existing block ciphers like AES? AES has been in widespread use for over a decade and to the best of my knowledge, there is still no practical attack on it (unless someone has built a working quantum computer and not told anyone about it). Its totally free of patents and IP issues. Its been implemented in a huge variety of hardware and software (including the Intel CPU that I am using to m ☟︎
mircea_popescu: getting rid of aes gets rid of this anyway.
mircea_popescu: blowfish has successfully resisted analysis and was thoroughly abandoned. because aes "won a competition" ? ☟︎
mircea_popescu: in any case : i don't like aes for purely political reasons. it became an apparent schelling point out of absolutely nowhere for no discernible reason. these situations always stink. ☟︎☟︎
mircea_popescu: asciilifeform http://trilema.com/2014/minigame-smg-august-2014-statement/#comment-114754 << don't you find it a little odd that even on an obscure liuttle game such as eulora, someone does find the time to carefully probe me about aes ? ☟︎
mircea_popescu: "rsa. use for text. rsa/aes. use for anything that's not text."
mircea_popescu: use AES FOR THAT!
mircea_popescu: do they do the "rsa encryption of an aes symmetric key" thing ?
mircea_popescu: besides, fucking aes.
mircea_popescu: anyway, birdy whispers in my ear guy's from group that came up with the original xls aes attack. definitely more standing than tim swanson or w/e.
mircea_popescu: isn't that the 14 round braindead aes ?
mircea_popescu: thestringpuller note that the question is leading. sure, "aes optimised" hardware may deliver better performance, at an unknown cost to security.
mircea_popescu: Almost all AES implementations use fast lookup tables. <<< o, what ever could be the problem with lookup tables wink wink
mircea_popescu: in practice it's used as an aes hole. but yes. ☟︎
mircea_popescu: i guess the author doesn't realise it or something, but this lays bare a much used, fundamental, very valuable exploit of aes.
mircea_popescu: -192 and AES-256 revealing the final round key provides 128 bits of key entropy.)
mircea_popescu: It gets worse. Nearly every AES implementation using AESNI will leave two values in registers: The final block of output, and the final round key. The final block of output isn't a problem for encryption operations — it is ciphertext, which we can assume has leaked anyway — but for encryption an AES-128 key can be computed from the final round key, and for decryption the final round key is the AES-128 key. (For AES ☟︎
mircea_popescu: one of the best reasons to not use aes seriously.
mircea_popescu: Consider the "XMM" registers on the x86 architecture: They will only be used by the SSE family of instructions, which is not widely used in most applications — so once a value is stored in one of those registers, it may remain there for a long time. One of the rare instances those registers are used by cryptographic code, however, is for AES computations, using the "AESNI" instruction set.
mircea_popescu: ered-down encryption (to use stronger encryption in many areas, such as AES-loop, you needed to compile your own kernel and go to great lengths to manually bypass barriers they put in place to the use of genuinely strong encryption). This told me then that those who controlled distributions were deeply in the pockets of intelligence networks. So it comes as no surprise to me that they jumped on board systemd when told
mircea_popescu: <pankkake> apparently "military grade" is aes-256 cbc, and admin pins are good ideas << herp
mircea_popescu: isnt twofish aes ?
mircea_popescu: >>> AES encryption is applied to the wallet. Passphrase is specified via environment variable PICOCOIN_PASSPHRASE. << god help us.
mircea_popescu: i think they have aes-256 nao tho
mircea_popescu: also afaik aes-128 is something to the tune of 10^40 ?
mircea_popescu: i thought aes-128 worked on integers ?
mircea_popescu: . Recently, our classified NSA Oak Ridge facility made a stunning breakthrough that is leading us on a path towards building the first exaflop machine (1 quintillion instructions per second) by 2018. This will give us the capability to break the AES-128 encryption key